Fraud Alert:

Corporate Account Takeover

Initially identified in 2006, Corporate Account Takeover attacks continue to increase at a steady rate since 2009, with the FBI reporting millions being taken from business accounts. With the help of malicious software (“malware”) Cyber Criminals can steal online banking credentials from unsuspecting employees. Once they are successfully logged into the company’s online banking account, they can quickly transmit multiple outgoing funds transfer requests (Wires or ACH batches). Often these attacks are quick and result in significant losses for the company.

How it’s done

The process generally starts when an employee of the company opens an e-mail attachment, accepts a fake friend request on social networking sites, or visits a legitimate, yet compromised, website that installs malware on their computer(s). Most likely the employee will not even realize that the bogus e-mail, friend request or website installed something onto their machine. The malware sits silently behind the scenes and can often run undetected for days. Malicious software allows the fraudster to “see” and track the employee’s activities across the businesses network or internet. This tracking may include “key logging” (tracking key strokes) the online credentials used to access bank accounts or other types of sensitive data.

Once the fraudster has the information they need, they will gain access to the business’ online banking site and begin to initiate outgoing wire transfer requests or ACH batches.

Protect, Detect & Respond

1.Educate your staff on this type of fraud scheme. Don’t respond to or open attachments or click on links in unsolicited e-mails. If a message appears to be from Pegasus Bank and requests account information, do not use any of the links provided. Pegasus Bank will never send an e-mail asking for customer passwords, credit card numbers, or other sensitive information. This also goes for other perceived legitimate sources (such as the IRS, Better Business Bureau, Federal Courts etc.). Contact the sender directly through their own web site to confirm the authenticity of the e-mail.

a.Beware of pop-up messages claiming your machine is infected and offering software to scan and fix the problem. This could actually be malicious software.

2.Enhance the security of your computer and networks to protect against this fraud. Minimize the number of, and restrict the functions for, computer workstations and laptops that are used for online banking and payments. If at all possible, conduct all online banking and payments activity from a dedicated computer that is not used for other online activity.

a.Install and maintain real-time anti-virus and anti-spyware desktop firewall and malware detection and removal software. These tools should be regularly scanning your computer. If scans are only done once a week or once a month you may miss something.

b.Install routers and firewalls to prevent unauthorized access to your computer or network.

c.Install security updates to operating systems and all applications as they become available.

d.Block pop-ups.

e.Keep operating systems, browsers, and all other software and hardware up-to-date.

g.Do not use public Internet access points (I.e. Internet cafes, public Wi-Fi hotspots, airports, etc.) to access accounts or personal information. If using such an access point, employ a Virtual Private Network (VPN).

3.Enhance the security of your corporate banking processes and protocols:

a.Initiate ACH and wire transfer payments under dual control using two separate computers. For example: one person authorizes the creation of the payment file and a second person authorizes the release of the file from a different computer system. This helps ensure that one person does not have the access authority to perform both functions, add additional authority, or create a new user ID.

c.Monitor the e-mails that are generated from the online banking platform. All business online banking clients receive multiple e-mails, one of which will indicate when an ACH batch or Wire Transfer request has been initiated. Notify the bank immediately if a batch has been released that you did not authorize.

4.Monitor and reconcile accounts at least once a day.Reviewing accounts regularly enhances the ability to quickly detect unauthorized activity and allows the business and Pegasus bank to take action to prevent or minimize losses.

5.Note any changes in the performance of your computer such as:

·A dramatic loss of speed

·Changes in the way things appear

·Computer locks up so the user is unable to perform any functions.

·Unexpected rebooting or restarting of your computer.

·An unexpected request for a onetime pass code (or token) in the middle of an online session.

·Unusual pop-up messages.

·New or unexpected toolbars and/or icons

·Inability to shut down or restart

6.If you detect suspicious activity, immediately cease all online activity and remove any computer systems that may be compromised from the network.

7.Immediately contact Pegasus Bank so that we may take the following actions:

a.Disable online access to accounts

b.Change online passwords

c.Open new account(s) if appropriate

d.Review all recent transactions and electronic authorizations to the account.

e.Ensure no one has added any new payees, requested an address or phone number change, created new user accounts, changed existing wire/ACH template profiles, ordered new debit cards, checks or other documents.

NOTE: Once a compromise has been reported, Pegasus Bank will request a written statement from the company’s IT staff indicating that scans have been completed on the infected computer(s) and the outcome of those scans prior to re-enabling the online services.